The Netsh commands for the Windows Filtering Platform (WFP) enable you to perform diagnostics that support Windows Firewall and IPsec. Its primary use is to capture diagnostic data while you reproduce a problem. The tool then exports the collected data into an XML file that you can examine for clues to the cause of the problem.

To run these commands from the command prompt, you must either enter the netsh wfp context or prepend the context to the command. You can enter the netsh wfp context by typing netsh and pressing ENTER, and then typing wfp and pressing ENTER. Alternately, if you are at the command prompt but have not entered the wlan context, you can type:

netsh wfp command

Where command is the command that you want to run, including all of the required parameters for the command.

The netsh wfp context and all of its commands are supported on computers that are running Windows 7 or Windows Server 2008 R2 only.For computers that are running earlier versions of Windows, you can download the Microsoft IPsec Diagnostic Tool ( from the Microsoft Web site. This tool provides some of the same functionality in a form that is compatible with older versions of Windows.

Learn more

The following section provides Netsh commands for WFP in Windows Server® 2008 R2.

The commands documented in the Netsh WFP reference for Windows Server® 2008 R2 can be run - as documented – on computers running Windows® 7.